Security changes - restricting uhttpd addresses
Peter Naulls
peter at chocky.org
Wed Oct 26 07:10:08 PDT 2022
On 10/25/22 18:20, openwrt-devel-request at lists.openwrt.org wrote:
> From: Nathan Lutchansky <lutchann at litech.org>
My hands are tied, we gotta do the dance.
>
>
> I mean this as gently as possible, but I think what a lot of us are
> missing is the benefit to the OpenWrt project to carry an increased
> maintenance burden in response to your internal requirements, which you
> openly state add no value. Maybe your time is better spent fixing your
> organization's processes, rather than trying to make volunteers
> responsive to what we all agree are pointless requirements?? -Nathan
>
Apologies, due to volume, I had put this list on digest and am missing
some of the responses not CCed to me and am going to be breaking
the threading here. Thanks to everyone for taking the time.
My company is small, there's little disagreement on what I've mentioned
to date about these issues internally. These audits are done by much
(much) larger partner companies - e.g, MS/Intel that I mentioned recently,
so there's no chance there to change process. The best response in many
cases is well reasoned arguments, but sometimes not.
I'm not asking anyone here to do anything; but if my comments serve
as useful reference in future to someone who is going through the
same process, then I'll consider it time well spent. And if the commentary
turns into practical measures, then I'll contribute back what I can.
More information about the openwrt-devel
mailing list